Software made with Delphi. How do you know?

How many times have we heard someone talking about how Delphi was used to make one piece of software or another or that it's being used by some well known company?

It happens all the time.

Of course, the obvious first question is "How do you know?"

I suppose the best way would be to hear it directly from the companies themselves. Or at least from the people doing the development. Here are some that I found interesting:

• NASA 
• European Space Agency
• artist Rafael Lozano-Hemmer (projects)
• Niagara Falls
• Vancouver Winter Olympics
• Miniatur Wunderland
• Disney

Embarcadero has published some case studies and a showcase with more examples.

However, this is kind of the exception. Companies don't necessarily go out of their way to talk about what development tools they use. At least not the companies I've dealt with. You usually have to do a little bit of digging.

And take anecdotal stories with a grain of salt. Unless someone has direct knowledge about the tools a company is using, their information could be outdated or just flat out wrong. If you want to be sure, then you need to check for yourself.

How do you check?

If you have access to the software, the easiest and most reliable way is to look at the executables. If an executable has a DVCLAL and/or PACKAGEINFO resource, then you can be pretty sure it was created with Delphi or C++ Builder.

That's all there is to it. Simple, right?

If you dig a little deeper, GetPackageInfo returns some interesting flags that can identify, among other things, whether the Delphi or C++ Builder compiler was used. The constants are defined in SysUtils.

{ Package Info flags }
const
  [...]
  pfV3Produced  = $00000000; // Delphi or C++ Builder 3
  pfProducerUndefined = $04000000; // Unknown
  pfBCB4Produced = $08000000; // C++ Builder
  pfDelphi4Produced = $0C000000; // Delphi

The contents of the DVCLAL resource can identify which edition was used; Personal, Professional or Enterprise. The Community edition shows as Professional and editions above Enterprise (Ultimate and Architect) show as Enterprise. The Starter and Turbo editions are now defunct, but applications built using these show as Personal and Professional, respectively.

Personal [23 78 5D 23 B6 A5 F3 19 43 F3 40 02 26 D1 11 C7]
Professional  [A2 8C DF 98 7B 3C 3A 79 26 71 3F 09 0F 2A 25 17]
Enterprise  [26 3D 4F 38 C2 82 37 B8 F3 24 42 03 17 9B 3A 83]

IsDelphi

I thought it would be interesting to search my entire hard drive and see what kind of applications were built with Delphi (or C++ Builder).

IsDelphi was written in Delphi (naturally) and the source code can be found on Code Central. I have tested it against Delphi 10.1 Berlin and 10.2 Tokyo, including the Community Edition. It may compile with older versions of Delphi, but I have not tried it yet.

Drag one or more files and/or folders from Windows Explorer to IsDelphi's main form and it will examine any executable files that it finds. It searches subfolders, so if you drag C:\ to the main form, expect it to take a while.

The results can be copied to the clipboard as a comma separated list or a file in the results list can be opened in Windows Explorer to see it in context.

What is an executable file?

For the purposes of this discussion IsDelphi considers an executable to be a portable executable file with one of the following file extensions:

.EXE - Application
.DLL - Application extension
.OCX - ActiveX control
.CPL - Control panel item
.SCR - Screen saver
.BPL - Borland package library

Potential Complications

Not every version of Delphi or C++ Builder included DVCLAL or PACKAGEINFO resources, and if an executable has been compressed or encrypted using an EXE compression tool like UPX, the contents of resources might be altered or they might not be readable at all through normal means. Sometimes you need to make an educated guess.

If these resources can be enumerated but can't be read or if they can be read but contain unexpected values, then Delphi or C++ Builder is assumed.

If the resources aren't found in an executable, IsDelphi looks for forms. Form resources begin with "TPF0" [54 50 46 30]. It doesn't matter if a form is from the VCL (.DFM), FireMonkey (.FMX), CLX (.XFM) or Lazarus (.LFM). The resources are all encoded the same way.

If an executable has one or more form resources, then Delphi or C++ Builder was probably used. Unless one of the forms includes a reference to "LCLVersion", which means it was likely made with Lazarus.


Inno Setup and False Positives

Inno Setup is a popular installer written in Delphi. The installation executable that gets generated shows as Delphi and the install includes a file named something like "unins000.exe" which also shows as being written in Delphi, even if the application itself isn't. This is the case with Microsoft's Visual Studio Code, for example.


Additional Information

More information, tools and techniques to help identify Delphi applications can be found on the Determine Delphi Application wiki page.

If someone wanted to take a closer look at the inner workings of executable files, I recommend Anders Melander's Resource Editor, the XN Resource Editor and Detect It Easy.

Some Interesting Finds

As you can imagine, when I looked through my own hard drives, I found more than a few Delphi applications, including some from notable companies that I don't think I've seen mentioned before as using Delphi.

Hewlett-Packard - HPePrint was installed with my HP printer driver and was written in Delphi.

ASUS - Several Delphi and C++ Builder executables are installed on computers with ASUS motherboards and on ASUS laptops for things like their installer, registration and TurboV (overclocking).

DELL - Someone kindly pointed out in the comments that the Dell Display Manager was written in Delphi. And so is their Dell Monitor Driver Installer.

If anyone tries IsDelphi, let me know if you find anything interesting.